Date: Mon, 03 May 1999 17:11:14 -0600
To: security@freebsd.org
From: Brett Glass
Subject: Claimed remote reboot exploit: Real or bogus?
Message-Id: <4.2.0.37.19990503171021.04dd6630@localhost>

Can anyone confirm or deny the existence of this exploit?

>Message-ID: <19990501031840.A24252@dilbert.exodus.net>
>Date: Sat, 1 May 1999 03:18:40 -0500
>Reply-To: jamie@exodus.net
>Sender: Bugtraq List
>From: Jamie Rishaw
>Subject: FreeBSD 3.1 remote reboot exploit
>To: BUGTRAQ@netspace.org
>
>Hi,
>
> Sorry to be so vague, but I wanted to let everyone know,
>
> It's been demonstrated to me by two people who will not reveal "how"
>that there is a remote bug exploit, almost certainly over IP, that will
>cause FreeBSD-3.1 systems to reboot with no warnings.
>
> The second box this was demonstrated on today had no open services
>besides ircd, and was remote rebooted. (The first box had open services
>such as smtp, ssh, pop, http, but did /not/ run ircd, eliminating ircd
>as the culprit).
>
> If anyone can shed some light on this (really bad) issue, it'd be
>greatly appreciated, especially since I am(was) in the process of
>upgrading all of my boxes to 3.1. (3.1-REL).
>
> Regards,
>
>-jamie
>--
>jamie rishaw (efnet:gavroche) -- Exodus Communications, Inc.
>>Sr. Network Engr, Chicago, SoCal Data Centers
> In an interesting move Exodus Communications announced today that
> they have replaced all of their backbone engineers with furby's